My app files are located in phpfpm container and I need to serve them through nginx. I want to avoid mounting the same files in two containers, so I'm trying to figure out a way to serve them only from one, phpfpm, container. When I use reverse proxy to other containers:
server {
listen 0.0.0.0:8080;
server_name myapp.test;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://phpfpm:900;
proxy_redirect off;
}
}
I get 502 Bad Gateway error with the following error log record:
1 recv() failed (104: Connection reset by peer) while reading response header from upstream, client: 172.18.0.1, server: myapp.test, request: "GET / HTTP/1.1", upstream: "http://172.18.0.2:9000/", host: "myapp.test"
I guess it's because phpfpm container is not a HTTP server.
So, alternatively, I try using fastcgi_pass like so:
server {
listen 0.0.0.0:8080;
server_name myapp.test;
root /app;
location / {
try_files $uri $uri/index.php;
}
location ~ \.php$ {
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
}
This serves *.php files as expected, but doesn't serve other files, namely static content.
How do I make nginx serve both .php and static files from my phpfpm container?
Here's my docker-compose.yml:
version: "3.7"
services:
  phpfpm:
    image: "php-fpm:7.3"
    volumes:
      - ./site:/app
    ports:
      - "9000:9000"
  nginx:
    image: "nginx:1.17"
    volumes:
      - ./nginx/app.conf:/opt/nginx/conf/nginx.conf
    ports:
      - "80:8080"
You have 2 issues:
You did not mount your static content into your Nginx container, therefore it cannot be served. Add this volume to your container
./site/public/:/var/www/html/public/:ro
You need to set up your Nginx config in order to serve this static content. You may try this one:
server {
listen 0.0.0.0:8080;
server_name myapp.test;
root /var/www/html/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass phpfpm:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
}
}
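A hardened variant of this setup, as an added example that is not part of the answer above. It assumes the compose file is changed so that `./site` is mounted read-only into the nginx container at the same path it has in the phpfpm container (`/app`) and that the `9000:9000` port mapping on phpfpm is removed; the mount path and the dotfile rule are assumptions about this project.

```nginx
# Added example. Assumed docker-compose changes (not in the original posts):
#   nginx:   volumes: - ./site:/app:ro   # same path as inside the phpfpm container
#   phpfpm:  no "ports:" entry. FastCGI has no authentication, so port 9000
#            stays on the compose network, where nginx reaches it as phpfpm:9000.
server {
    listen 0.0.0.0:8080;
    server_name myapp.test;

    # Must be the path the files have inside the phpfpm container as well:
    # PHP-FPM opens SCRIPT_FILENAME on its own filesystem, not on nginx's.
    root /app;
    index index.php index.html;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Static files are served by nginx directly from the read-only mount;
    # everything else falls through to the front controller.
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # The whole project directory is mounted, so refuse dotfiles
    # (.env, .git, ...) instead of serving them as static content.
    location ~ /\.(?!well-known).* {
        deny all;
    }

    location ~ \.php$ {
        # Only scripts that exist under root are handed to PHP-FPM; a request
        # for a missing .php path gets a 404 from nginx and never reaches
        # the interpreter.
        try_files $uri =404;

        fastcgi_pass phpfpm:9000;
        fastcgi_index index.php;

        # fastcgi_params does not define SCRIPT_FILENAME, so set it once here.
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

If the two containers mount the files at different paths, `SCRIPT_FILENAME` has to be built from the phpfpm-side path rather than from `$document_root`, otherwise PHP-FPM cannot find the script.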
Related
I want to host multiple websites in one server with nginx reverse proxy by following this tutorial
https://www.datanovia.com/en/lessons/how-host-multiple-https-websites-on-one-server/
The Nginx proxy and each website are launched separately with Docker.
But every time I reload one of the websites, it loads the content of another website. For example:
Load websiteone.tk 1st time, loaded website ONE's content.
Refresh websiteone.tk , loaded website TWO's content
Refresh websiteone.tk again, loaded website THREE's content
Load websitetwo.tk 1st time, loaded website TWO content
Refresh websitetwo.tk , loaded website THREE content.
I am a beginner for both nginx and docker. I can't tell if the problem happens in nginx or docker. May anyone please kindly advise? Thank you very much.
The nginx-proxy default.conf is
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
server_names_hash_bucket_size 128;
map $proxy_x_forwarded_proto $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss t>
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$upstream_addr"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA3>
ssl_prefer_server_ciphers off;
error_log /dev/stderr;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
proxy_set_header X-Original-URI $request_uri;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off;
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
server_tokens off;
listen 443 ssl http2;
access_log /var/log/nginx/access.log vhost;
return 503;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# websiteone.tk
upstream websiteone.tk {
## Can be connected with "nginx-proxy" network
# websiteonetk_my-app_1
server 192.168.32.8:80;
}
server {
server_name websiteone.tk;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name websiteone.tk;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/websiteone.tk.crt;
ssl_certificate_key /etc/nginx/certs/websiteone.tk.key;
ssl_dhparam /etc/nginx/certs/websiteone.tk.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/websiteone.tk.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://websiteone.tk;
}
}
# websitetwo.tk
upstream websitetwo.tk {
## Can be connected with "nginx-proxy" network
# websitetwotk_my-app_1
server 192.168.32.13:80;
}
server {
server_name websitetwo.tk;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name websitetwo.tk;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/websitetwo.tk.crt;
ssl_certificate_key /etc/nginx/certs/websitetwo.tk.key;
ssl_dhparam /etc/nginx/certs/websitetwo.tk.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/websitetwo.tk.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://websitetwo.tk;
}
}
# websitethree.tk
upstream websitethree.tk {
## Can be connected with "nginx-proxy" network
# websitethreetk_my-app_1
server 192.168.32.3:80;
}
server {
server_name websitethree.tk;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
# Do not HTTPS redirect Let'sEncrypt ACME challenge
location ^~ /.well-known/acme-challenge/ {
auth_basic off;
auth_request off;
allow all;
root /usr/share/nginx/html;
try_files $uri =404;
break;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
server_name websitethree.tk;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/websitethree.tk.crt;
ssl_certificate_key /etc/nginx/certs/websitethree.tk.key;
ssl_dhparam /etc/nginx/certs/websitethree.tk.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/websitethree.tk.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://websitethree.tk;
}
}
The docker-compose for the nginx proxy is
version: '3.6'
services:
  nginx:
    image: nginx
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    container_name: nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
  nginx-gen:
    image: jwilder/docker-gen
    command: -notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
    container_name: nginx-gen
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
  nginx-letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-letsencrypt
    restart: unless-stopped
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - ./vhost.d:/etc/nginx/vhost.d
      - ./html:/usr/share/nginx/html
      - ./certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      NGINX_DOCKER_GEN_CONTAINER: "nginx-gen"
      NGINX_PROXY_CONTAINER: "nginx"
networks:
  default:
    external:
      name: nginx-proxy
The nginx default.conf for one of the website is
server {
root /application2;
index index.php;
location ~ \.php$ {
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PHP_VALUE "error_log=/var/log/nginx/application_php_errors.log";
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
include fastcgi_params;
}
}
The docker-compose/yml for one of the website is below.
Websiteone working directory is /application1.
Websitetwo working directory is /application2. etc
version: '3.1'
services:
  my-app:
    image: 'nginx:alpine'
    volumes:
      - '.:/application2'
      - './phpdocker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf'
    restart: always
    environment:
      - VIRTUAL_HOST=websitetwo.tk
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=websitetwo.tk
    expose:
      - 80
  mailhog:
    image: 'mailhog/mailhog:latest'
    ports:
      - '21001:8025'
  php-fpm:
    build: phpdocker/php-fpm
    working_dir: /application2
    volumes:
      - '.:/application2'
      - './phpdocker/php-fpm/php-ini-overrides.ini:/etc/php/8.1/fpm/conf.d/99-overrides.ini'
networks:
  default:
    external:
      name: nginx-proxy
I've configured Coder and followed these instructions to set it up via Docker Compose.
In order to be able to use a public domain, I've configured a reverse proxy with nginx. Everything works except for the websocket connection which is used to get logs, status updates etc etc.
The error is: wss://workspaces.mydomain.io/api/private/workspaces/623ae5f6-0e4817996a28f4e5e592cb87/watch-stats' failed
The server is managed via Laravel Forge.
Here is my docker-compose.yml:
version: "3.5"
services:
  coder:
    image: docker.io/codercom/coder:1.28.2
    container_name: coderd
    restart: unless-stopped
    ports:
      - 7080:7080/tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ${HOME}/.coder:/var/run/coder
    environment:
      DEVURL_HOST: "*.workspaces.mydomain.io"
And here my nginx configuration:
server {
listen 80;
listen [::]:80;
server_name .workspaces.mydomain.io;
server_tokens off;
root /home/forge/workspaces.mydomain.io/coder/public;
# FORGE SSL (DO NOT REMOVE!)
# ssl_certificate;
# ssl_certificate_key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_dhparam /etc/nginx/dhparams.pem;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
# FORGE CONFIG (DO NOT REMOVE!)
include forge-conf/workspaces.mydomain.io/server/*;
location / {
proxy_pass http://127.0.0.1:7080;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/workspaces.mydomain.io-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
I have this app running on Docker behind a traefik container.
Every time I access a URL from the API an expected response is returned, then an error from Nginx, then an expected one, and next time an Nginx error... this loop is forever
This is my URL: http://api.preview-tefm.rtdigital.com.br/v1/me (expected: 401 response)
The error after an expected response: 2021/11/05 14:22:16 [error] 9#9: *1 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 172.1.0.2, server: api.preview-tefm.rtdigital.com.br, request: "GET /v1/me HTTP/1.1", upstream: "fastcgi://172.1.0.3:9000", host: "api.preview-tefm.rtdigital.com.br"
Nginx Conf file:
worker_processes 4;
events { worker_connections 1024; }
http {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=one:8m max_size=3000m inactive=600m;
proxy_temp_path /var/tmp;
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_comp_level 6;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_buffers 16 8k;
server {
listen 80;
server_name api.preview-tefm.rtdigital.com.br;
error_log /var/log/nginx/app-error.log debug;
access_log /var/log/nginx/app-access.log;
charset utf-8;
root /usr/share/nginx/html/webapp/public;
location /css/ {
access_log off;
expires 1d;
}
location /img/ {
access_log off;
expires 1d;
}
location /js/ {
access_log off;
expires 1d;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass app:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Hide PHP headers
fastcgi_hide_header X-Powered-By;
fastcgi_hide_header X-CF-Powered-By;
}
location / {
proxy_pass http://app:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_cache_bypass $http_upgrade;
try_files $uri /index.php?$query_string;
gzip_static on;
}
}
server {
listen 80;
server_name admin.preview-tefm.rtdigital.com.br;
error_log /var/log/nginx/admin-error.log;
access_log /var/log/nginx/admin-access.log;
root /usr/share/nginx/html/admin;
charset utf-8;
location / {
try_files $uri /index.html?$query_string;
gzip_static on;
}
}
}
docker-compose conf:
version: "3.7"
services:
  app:
    container_name: "tefm-app"
    build: "${DOCKER_PHP_BUILD}"
    restart: "no"
    expose:
      - "9000"
    volumes:
      - "./webapp:/usr/share/nginx/html/webapp"
    networks:
      - traefik-network
  nginx:
    container_name: "tef-nginx"
    build: "${DOCKER_NGINX_BUILD}"
    restart: "no"
    tty: true
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.tefm-nginx.entrypoints=web"
      - "traefik.http.routers.tefm-nginx.rule=Host(`admin.preview-tefm.rtdigital.com.br`) || Host(`api.preview-tefm.rtdigital.com.br`)"
    volumes:
      - "./admin/build:/usr/share/nginx/html/admin"
      - "./webapp:/usr/share/nginx/html/webapp"
    depends_on:
      - app
    networks:
      - traefik-network
networks:
  traefik-network:
    external: true
Nginx Dockerfile:
FROM nginx:alpine
COPY ./nginx.conf /etc/nginx/nginx.conf
EXPOSE 80 443
ENTRYPOINT ["nginx"]
CMD ["-g", "daemon off;"]
I am trying to connect to a proxypass in docker I have setup but I keep getting:
8#8: *1 api.example.local could not be resolved (3: Host not found)
I can access the proxy by going to http://api.example.com in my browser, but not if I go through the nginx proxy pass. My nginx is as follows, and please note that:
Have ipv6 disabled
I am resolving to 127.0.0.11
server {
listen 80;
server_name api.example.local;
resolver 127.0.0.11 ipv6=off;
location / {
root /code/api/public_html/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?rt=$uri&$args;
}
location ~ \.php$ {
root /code/api/public_html/;
fastcgi_pass php:9000;
fastcgi_index index.php;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param ENV development;
fastcgi_param HTTPS off;
fastcgi_read_timeout 9600;
}
}
server {
index index.php index.html;
server_name www.example.local;
resolver 127.0.0.11 ipv6=off;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
root /code/main/public_html;
location / {
root /code/main/public_html/;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?rt=$uri&$args;
}
location /api {
resolver 127.0.0.11 ipv6=off;
proxy_pass_header Set-Cookie;
proxy_pass_header P3P;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
set $upstream api.example.local;
proxy_pass http://$upstream;
proxy_connect_timeout 60;
proxy_redirect off;
}
location ~ \.php$ {
root /code/main/public_html/;
fastcgi_pass php:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param ENV development;
fastcgi_param HTTPS off;
fastcgi_read_timeout 300;
}
}
I also have the domains in my /etc/hosts. The OS is Ubuntu 18.04.
127.0.0.1 localhost
127.0.1.1 my-comp
127.0.0.1 www.example.local
127.0.0.1 api.example.local
What can I be doing wrong?
The nginx container and the upstream server need to be on the same docker network.
Example:
Assuming the nginx container exposes port 443 on the bridge, create a docker network called nginx-network and join it to that network.
Assuming also the upstream server is a container called ‘mysite’, join that container to the nginx-network; nginx will then be able to resolve the DNS name ‘mysite’.
I have two Docker containers on the same network. One of them is a Spring Boot server app, the other is a React client app. I'm trying to get the client to make AJAX calls to the server. When I run them both locally on my machine, outside of Docker, everything works. When I run them with my docker configuration and using an Nginx proxy, I get 502 bad gateway errors.
Here is my docker-compose configuration:
version: '3'
services:
  video-server:
    build:
      context: .
      dockerfile: video-server_Dockerfile
    container_name: video-server
    networks:
      - videoManagerNetwork
    environment:
      - VIDEO_MANAGER_DIR=/opt/videos
    volumes:
      - ${VIDEO_MANAGER_DIR_PROD}:/opt/videos
  video-client:
    build:
      context: .
      dockerfile: video-client_Dockerfile
    container_name: video-client
    networks:
      - videoManagerNetwork
    ports:
      - 9000:80
networks:
  videoManagerNetwork:
As you can see, both containers are given explicit names and are on the same network. video-client is the Nginx React app, video-server is the Spring Boot app.
Here is my Nginx config:
worker_processes auto;
events {
worker_connections 8000;
multi_accept on;
}
http {
log_format compression '$remote_addr - $remote_user [$time_local] '
'"$request" $status $upstream_addr '
'"$http_referer" "$http_user_agent"';
include /etc/nginx/mime.types;
default_type text/plain;
server {
listen 80;
# TODO make sure the log is written to a docker volume
access_log /var/log/nginx/access.log compression;
root /var/www;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/ {
proxy_set_header Host $http_host;
proxy_pass http://video-server:8080/api/;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:css|js)$ {
try_files $uri =404;
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~ ^.+\..+$ {
try_files $uri =404;
}
}
}
As you can see, I'm proxying all calls to /api/ to my video-server container. This should be working. I even shelled into the video-client container docker exec -it video-client bash, installed curl, and was able to successfully make calls to the other container, ie http://video-server:8080/api/categories.
I'm looking for suggestions about what the problem with my configuration could be. I'm not particularly experienced with Nginx, so I'm assuming I'm doing something wrong there.
Edit
I finally figured out what was necessary to make this work. I would still be interested to understand why this helps.
I added the following lines to the "http" section of the Nginx config, and the problem was solved:
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
fastcgi_connect_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
So it looks like this changed the buffer and timeout settings. Why did this help?